Presentation is loading. Please wait.

Presentation is loading. Please wait.

COLLABORATIVE SECURITY An approach to tackling Internet

Published byDinah Tate Modified over 6 years ago

Similar presentations

Presentation on theme: "COLLABORATIVE SECURITY An approach to tackling Internet"— Presentation transcript:

1 COLLABORATIVE SECURITY An approach to tackling Internet
security issues Introduction Internet security depends not only on how well you manage your own security risks, but also how you manage security risks that you may pose to others. If you act independently and solely in your own self-interest, the security of the Internet be impacted, and the overall pool of social and economic potential that the Internet offers the global community could be diminished. “Collaborative Security” is thus an approach to tackling Internet security issues that involves voluntary, multistakeholder cross- border cooperation and collaboration. It is premised on an understanding of the fundamental properties of the Internet as well as an appreciation of the complexity of the cybersecurity landscape. The Internet is a network of networks without centralized control. As such, the security of the Internet cannot be maintained by one entity. All stakeholders must thus collaborate and share the responsibility for addressing Internet security issues. The challenge is in how to achieve cybersecurity strategies while respecting fundamental human rights, properties, and values (i.e. privacy). The Internet is for everyone and we must work together to realize it’s full potential.

2 Elements of the Collaborative Security Approach
Fostering confidence and protecting opportunities Collective responsibility Fundamental properties and values Evolution and consensus Think globally, act locally Elements of the Collaborative Security Approach 1 2 3 4 Elements of a “Collaborative Security” framework: The Internet enables opportunities for economic and social prosperity globally. The starting point for Internet security should be what solutions are need to preserve those opportunities and foster confidence in the Internet. The security of the Internet is a shared responsibility. We will all be secure only when we are protecting ourselves – and our neighbors. Security solutions must preserve the fundamental, open nature of the Internet as well as fundamental human rights, values, and expectations (such as privacy and freedom of expression). Achieving security objectives, while preserving these fundamental properties, rights and values is the real challenge. We must find solutions that build on lessons learned, which are developed by consensus, and which will evolve to meet whatever new threats emerge. Commercial competition, politics and personal motivation play a role in how well collaboration happens. But differences can be overcome to cooperate against a threat. Solutions should be implemented by people at the closest point where they can have the most impact. This is called the subsidiarity principle. Think globally, but act locally. 5

3 1 2 An Internet security paradigm should: Foster confidence globally,
Protect social and economic opportunities, and Advance objectives in design and in practice. 2 Internet participants have: A common interest in the management of the Internet to ensure its sustainability, and A collective responsibility to care for the Internet for the benefit of everyone. Fostering confidence and protecting opportunities: The Internet enables opportunities for human, social and economic development on a global scale. These opportunities will only be realized if Internet participants have confidence that they can use the Internet securely, reliably, and privately. Security solutions must, in design and in practice, foster confidence in the Internet and protect opportunities for economic and social prosperity. Otherwise, security solutions may go too far, thereby jeopardizing the very infrastructure that ties together the global economy and provides the engine for its growth. EXAMPLE: An ISP locking down a firewall may provide better security but would stifle innovation, because some applications won't be accessible without prior configuration. Collective responsibility: The Internet is a global interconnected network of networks. Participation on the Internet means global interdependency. In an interconnected interdependent system, no one participant can achieve absolute security. No security solutions exist in isolation. Internet security depends on how well participants manage both their own security risks and the outward security risks that they may pose to others (whether through their action or inaction). These factors mean that Internet participants have: a common interest in the management of the Internet to ensure its sustainability; and a collective responsibility to care for the Internet for the benefit of everyone. If Internet participants act independently and only in their own self-interest, the security of the Internet will be impacted. In addition, the overall pool of social and economic potential that the Internet offers the global community will be diminished. As such, Internet participants must see cybersecurity as a long-term investment for the benefit of everyone. It is not enough to ask that participants take responsibility just for their part of the Internet ecosystem. Collective responsibility extends to the system as a whole, and requires a common understanding of the problem, shared solutions, common benefits, and open communication channels. Multistakeholder cross-border collaboration is an important component of collective responsibility. Its success depends on trustful relationships – between nations, between citizens and their government, between operators, service providers, and across all stakeholder groups. EXAMPLE: Mutually Agreed Norms for Routing Security (MANRS) demonstrates how industry players have been able to turn to the principles of collective responsibility to voluntarily address issues of resilience and security in the Internet’s global routing system. Traditional, government-led regulatory approaches are not effective and agile enough for the global Internet.

4 3 4 Security solutions should be integrated to preserve the:
Internet Invariants, and Fundamental human rights, values, and expectations. 4 Agree on the problem and then find the solution. Security solutions need to be: Flexible enough to evolve over time, Responsive to new challenges, Resilient against change and threats, and Take an open, consensus-based participatory approach. Fundamental properties and values: The Internet Invariants are the fundamental properties of the Internet. They include: open standards, voluntary collaboration, reusable building blocks, integrity, permission-free innovation, and global reach. Security solutions must preserve these fundamental properties of the Internet and fundamental human rights, values and expectations. All security solutions are likely to have an effect on the Internet’s operation and development, as well as on the rights and expectations of Internet end-users. Such effects may be positive or negative. EXAMPLE: If we weaken cryptography, we hurt only the well-meaning and law-abiding citizens who rely on companies to protect their data. Criminals and bad actors will still encrypt their data, using the tools that are readily available to them, but consumers might loose trust in the technology. Removing bad parts can also kill good parts. Evolution and consensus: Technology is going to change. Security threats will adapt to take advantage of new platforms and protocols. Therefore, security solutions need to be responsive to new challenges. Solutions that build on “lessons learned” make the Internet more resilient to threats. Solutions can be incremental. Even if a problem can not be solved completely, you might be able to make the vulnerability less attractive to malicious actors. Be open to testing disruptive or non-traditional ideas. Experience suggests that an open, consensus-based participatory approach is the most robust, flexible and agile. Processes which draw upon the interests and expertise of a broad set of stakeholders are more likely to lead to success. EXAMPLE: Encryption keys that are strong enough today will not be strong enough in the future. Technology and practices should be flexible and evolve over time to maintain the security and stability of the global Internet.

5 5 Security solutions should involve communities:
Of different players taking action closest to where issues occur, That are the smallest, lowest, or least centralized link in the chain, Formed in a bottom-up, self-organizing fashion, and That effectively and efficiently define and implement solutions based on interoperable building blocks. Think globally, act locally: The security of the Internet cannot be maintained by any one entity or organization. Creating security and trust in the Internet requires different players (with different roles and responsibilities) to take action. Solutions should be implemented by the smallest, lowest or least centralized competent community at the point in the system where they can have the most impact. Communities often form spontaneously in a bottom-up, self-organizing fashion around specific issues (i.e. spam, or routing security) or a locality (i.e. protection of critical national infrastructure or security of an Internet exchange). Solutions should be based on interoperable building blocks – i.e. industry-accepted standards, best practices and approaches. Solutions must not undermine the global architecture of the Internet or curtail human rights, because the Internet is for everyone. EXAMPLE: RIPE works with diverse technical actors, in an output-orientated multistakeholder approach, to make fast policy decisions. The smooth running of the Internet depends on the involvement of those who give their input where they can help and implement changes on a voluntary basis.

6 Download the Briefing Paper
Questions? Conclusion: People are what ultimately hold the Internet together, so we have to work together in order for the Internet to realize its full potential. We must have an Internet that is both secure and open, and where participants trust it is a tool for empowerment and prosperity. We need greater collaboration on security issues, and to work faster at getting things right, so that the Internet can grow and flourish. Download the Briefing Paper

Download ppt "COLLABORATIVE SECURITY An approach to tackling Internet"

Similar presentations

A strategy for a Secure Information Society –

A strategy for a Secure Information Society –
Socioeconomics knowledge cafe Wrap-up. Agreed the list of socioeconomic themes/issues that have dependencies with RWI research priorities Standardization.

Socioeconomics knowledge cafe Wrap-up. Agreed the list of socioeconomic themes/issues that have dependencies with RWI research priorities Standardization.
Supporting New Business Imperatives Creating a Framework for Interoperable Media Services (FIMS)

Supporting New Business Imperatives Creating a Framework for Interoperable Media Services (FIMS)
OpenStand and IEEE 802 Konstantinos Karachalios Managing Director, IEEE-SA 17 November 2012.

OpenStand and IEEE 802 Konstantinos Karachalios Managing Director, IEEE-SA 17 November 2012.
The Future Internet: A clean-slate design? Nicholas Erho.

The Future Internet: A clean-slate design? Nicholas Erho.
OpenStand and Collaborative Communities For innovation, solutions and market growth Kantara Initiative 3 June 2014 Summit Karen McCabe Senior Director,

OpenStand and Collaborative Communities For innovation, solutions and market growth Kantara Initiative 3 June 2014 Summit Karen McCabe Senior Director,
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Challenges to freedom of expression The right to freedom of expression is a “foundation right” in society. It protects the right to: -Express ourselves.

Challenges to freedom of expression The right to freedom of expression is a “foundation right” in society. It protects the right to: -Express ourselves.
Horizon 2020 Secure Societies Security Research and Industry DG Enterprise and Industry 2013.

Horizon 2020 Secure Societies Security Research and Industry DG Enterprise and Industry 2013.
DIVISION Landstingsdirektörens stab Coral Interreg Europe proposal Project proposal addresses objective 1.2 of the Interreg Europe Programme: Improve the.

DIVISION Landstingsdirektörens stab Coral Interreg Europe proposal Project proposal addresses objective 1.2 of the Interreg Europe Programme: Improve the.
OpenStand Principles for the modern paradigm for standards development.

OpenStand Principles for the modern paradigm for standards development.
Social and Professional Issues in IT Roshan Chitrakar.

Social and Professional Issues in IT Roshan Chitrakar.
20th November 2009 National Policy Dialogue 1 Role of State in a Developing Market Economy S.B. Likwelile.

20th November 2009 National Policy Dialogue 1 Role of State in a Developing Market Economy S.B. Likwelile.
Updated September 30, 2010 Open Health Tools (OHT) Strategic Plan.

Updated September 30, 2010 Open Health Tools (OHT) Strategic Plan.
Community-Driven Development: An Overview of Practice Community Development Strategies – how to prioritize, sequence and implement programs CommDev Workshop.

Community-Driven Development: An Overview of Practice Community Development Strategies – how to prioritize, sequence and implement programs CommDev Workshop.
DOCUMENT #:GSC15-PLEN-62 FOR:Presentation SOURCE:ISACC AGENDA ITEM:Opening Plenary (6.14) CONTACT(S):Jim MacFie Cloud Computing Jim MacFie Chairman, ISACC.

DOCUMENT #:GSC15-PLEN-62 FOR:Presentation SOURCE:ISACC AGENDA ITEM:Opening Plenary (6.14) CONTACT(S):Jim MacFie Cloud Computing Jim MacFie Chairman, ISACC.
New World, New World Bank Group Presentation to Fiduciary Forum On Post Crisis Direction and Reforms March 01, 2010.

New World, New World Bank Group Presentation to Fiduciary Forum On Post Crisis Direction and Reforms March 01, 2010.
Digital Ecosystems Re-tuning the user requirements after 3 years Digital Ecosystems Re-tuning the user requirements after 3 years Towards Business Cases.

Digital Ecosystems Re-tuning the user requirements after 3 years Digital Ecosystems Re-tuning the user requirements after 3 years Towards Business Cases.
What’s Happening at Internet2 Renee Woodten Frost Associate Director Middleware and Security 8 March 2005.

What’s Happening at Internet2 Renee Woodten Frost Associate Director Middleware and Security 8 March 2005.
World summit on the information society 1 WSIS: Building the Information Society: a global challenge in the new Millennium Tim Kelly, Claudia Sarrocco.

World summit on the information society 1 WSIS: Building the Information Society: a global challenge in the new Millennium Tim Kelly, Claudia Sarrocco.

Similar presentations

Ads by Google